<html>
<head><meta charset="utf-8"><title>Exploit mitigations · t-compiler · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/131828-t-compiler/index.html">t-compiler</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/131828-t-compiler/topic/Exploit.20mitigations.html">Exploit mitigations</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="199823553"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/131828-t-compiler/topic/Exploit%20mitigations/near/199823553" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ramon de C Valle <a href="https://rust-lang.github.io/zulip_archive/stream/131828-t-compiler/topic/Exploit.20mitigations.html#199823553">(Jun 05 2020 at 00:00)</a>:</h4>
<p>I'm currently working on a document for a project and I've been able to document almost all mitigations, how they apply to Rust, and their story with it (with comprehensive references, including all relevant GitHub issues and pull requests). However, I couldn't find any information about control flow enforcement, safe stack, and speculative load hardening (besides <a href="https://internals.rust-lang.org/t/thoughts-on-hardening/4771">https://internals.rust-lang.org/t/thoughts-on-hardening/4771</a>). What is the Compiler team stance on these? Where would be the best place to contribute it to? (I've been pointed out to  <a href="https://doc.rust-lang.org/rustc/">https://doc.rust-lang.org/rustc/</a> or <a href="https://doc.rust-lang.org/unstable-book/">https://doc.rust-lang.org/unstable-book/</a>.)</p>
<p>I also couldn't find an official stance on stack smashing protection. What is the Compiler team stance on it?</p>
<p>(I originally asked these questions on <a class="stream" data-stream-id="146229" href="/#narrow/stream/146229-wg-secure-code">#wg-secure-code</a>.)</p>



<a name="199831418"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/131828-t-compiler/topic/Exploit%20mitigations/near/199831418" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> mark-i-m <a href="https://rust-lang.github.io/zulip_archive/stream/131828-t-compiler/topic/Exploit.20mitigations.html#199831418">(Jun 05 2020 at 02:49)</a>:</h4>
<p>I wonder if we inherit any of the stack guard stuff from LLVM? Of course, one could consider the borrow checker to be a mitigation, too, but stack guard, cf enforcement, etc would be good</p>



<a name="199831428"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/131828-t-compiler/topic/Exploit%20mitigations/near/199831428" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> mark-i-m <a href="https://rust-lang.github.io/zulip_archive/stream/131828-t-compiler/topic/Exploit.20mitigations.html#199831428">(Jun 05 2020 at 02:49)</a>:</h4>
<p>Regarding speculative load hardening, I believe that's implemented in LLVM, so clang and rustc and a bunch of other languages got them automatically</p>



<a name="199831477"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/131828-t-compiler/topic/Exploit%20mitigations/near/199831477" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> mark-i-m <a href="https://rust-lang.github.io/zulip_archive/stream/131828-t-compiler/topic/Exploit.20mitigations.html#199831477">(Jun 05 2020 at 02:50)</a>:</h4>
<p>(well, at least, I know that was the case for spectre v2; not sure if there are other mitigations that need to be applied too)</p>



<a name="199964765"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/131828-t-compiler/topic/Exploit%20mitigations/near/199964765" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nikita Popov <a href="https://rust-lang.github.io/zulip_archive/stream/131828-t-compiler/topic/Exploit.20mitigations.html#199964765">(Jun 06 2020 at 09:09)</a>:</h4>
<p>We do inherit the functionality from LLVM, but I don't believe any of it is enabled by default. I don't know if rust exposes any flags for this.</p>



<a name="199964846"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/131828-t-compiler/topic/Exploit%20mitigations/near/199964846" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nikita Popov <a href="https://rust-lang.github.io/zulip_archive/stream/131828-t-compiler/topic/Exploit.20mitigations.html#199964846">(Jun 06 2020 at 09:11)</a>:</h4>
<p>Looks like there is <code>-Z control-flow-guard</code> at least: <a href="https://github.com/rust-lang/rust/issues/68793">https://github.com/rust-lang/rust/issues/68793</a></p>



<a name="199964907"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/131828-t-compiler/topic/Exploit%20mitigations/near/199964907" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nikita Popov <a href="https://rust-lang.github.io/zulip_archive/stream/131828-t-compiler/topic/Exploit.20mitigations.html#199964907">(Jun 06 2020 at 09:12)</a>:</h4>
<p><a href="https://github.com/rust-lang/rust/pull/72655">https://github.com/rust-lang/rust/pull/72655</a> might also be of interest (LVI).</p>



<a name="204252019"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/131828-t-compiler/topic/Exploit%20mitigations/near/204252019" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ramon de C Valle <a href="https://rust-lang.github.io/zulip_archive/stream/131828-t-compiler/topic/Exploit.20mitigations.html#204252019">(Jul 17 2020 at 20:04)</a>:</h4>
<p>Thank you <span class="user-mention" data-user-id="198054">@mark-i-m</span> and <span class="user-mention" data-user-id="133224">@Nikita Popov</span>  for all the information and links. Much appreciated. They were all very helpful and led me to the following two issues and associated commits (including commits on the LLVM Project) that answered most of my questions:</p>
<p><a href="https://github.com/rust-lang/rust/issues/68793">https://github.com/rust-lang/rust/issues/68793</a><br>
<a href="https://github.com/rust-lang/rust/issues/39699">https://github.com/rust-lang/rust/issues/39699</a></p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>